Hello,

Have a somewhat simple NGFW/OpenDNS configuration and have run into a DNS issue. While I understand what is happening I'm struggling for the proper configuration to address the issue.

Would like to configure an OpenVPN server connection for incoming VPN connections. Would like the configuration to use the Dynamic DNS address so don't have to push out OVPN files each time the ISP changes the ext IP and the VPN users have DNS resolution on the local network.

My configuration is a small-scale private network NGFW setup:
- External Interface uses DHCP from a local ISP
- Dynamic DNS set up. Have my registrar set up with an A record that points a sub-domain to the ISP-provided DHCP ext IP.

Not a lot of users on the local network. Untangle is the DHCP and DNS server for the local network.

Not that it matters to this, do have a DMZ defined and an external port or 2 forwarded to the DMZ. There are outgoing VPN connections (OpenVPN client, Tunnel for specific IPs, and a few corporate outgoing VPN clients). Again, not that it is applicable to this issue.

In my present NGFW configuration (example):

Config --> Network --> Hostname
Hostname
Hostname: Untangle1
Domain Name: thatdomain.com
Dynamic DNS Service Configuration (configured, works well, knock on wood)
Hostname: Untangle1.thatdomain.com
Public Address: Use Hostname

OpenVPN --> Server
Sitename: ASite
Address Space: <something Untangle picked (172.xxx.xxx.0/24)>
NAT OpenVPN Traffic selected
Site URL: <picks up Untangle1.thatdomain.com:1194>

Group is set up to push DNS with OpenVPN Server selected. Have tried full and split, pushing the LAN IP address, Untangle1.thatdomain.com, etc. for the 'Push DNS Domain Options' and a number of variations. Have the local network exported (192.xxx.xxx.1/24).

In the configuration example outlined above, the VPN clients can connect just fine and work as long as they use IP addresses. DNS doesn't work and I get why. It would seem to me that I should be able to set the Hostname --> Domain Name to something like "thatdomain.int" and then include that in the DNS Push configuration, but if I do that I lose the Dynamic DNS value for the VPN Site URL. What is the proper way to configure this via the web GUI?

Oh, and out of curiosity, I have PCs inside the local network that use their own VPN clients (1 is OpenVPN, the others are corporate solutions) that connect to corporate assets. I found it curious: as I was playing with the OpenVPN configurations, I noticed that if I turned off the OpenVPN app, it would break the VPN client connections on the local network regardless of how/where they were connecting. Assuming turning off OpenVPN changes port blocking rules. Haven't had time to look at it.

Thanks in advance!

Al